The Session Initiation Protocol (Rosenberg et al., “SIP: Session Initiation Protocol”, IETF RFC 3261, June 2002) is used to establish multimedia sessions, such as Internet telephony sessions. SIP includes a user authentication scheme in which an SIP Client sends an Invite message to an SIP Server. The SIP Server sends a challenge message back to the SIP Client, for example in the form of a 401 Authorization Required message. The challenge message includes a nonce generated by the SIP Server. The SIP Client computes a response, and sends a second Invite message back to the SIP Server, the second Invite message including the original nonce and the response. The SIP Server compares the transmitted response with an expected response calculated by the SIP Server. If the transmitted response (sent by the SIP Client) matches the expected response, then the caller is authenticated and the SIP Server proceeds to with establishment of the service requested by the user. Such an authentication scheme works if the SIP Client and the SIP Server calculate the response from the nonce using the same algorithm and the same parameters, such as a shared encryption key.
Otoacoustic signatures provide a biometric identification of an individual. The otoacoustic signature of an individual can be determined by transmitting a series of clicks into an individual's ear canal. The echo of these clicks within the ear canal is detected by a microphone. The detected echo is digitized to produce a digital otoacoustic signature of the individual. An example of a method by which a person's otoacoustic signal may be measured and digitized into a digital otoacoustic signature is given in Swabey, M., Beeby, S., Brown, A. and Chad, J., “Using Otoacoustic Emissions as a Biometric”, in Proceedings of First International Conference on Biometric Authentication (ICBA 2004), pp. 600-606, Hong Kong. Zhang, D. and Jain, A. N., Eds., incorporated by reference herein.
Use of otoacoustic signatures in SIP authentication would provide reliable biometric authentication of multimedia services, in particular IP telephony services. Biometric authentication would allow authentication of an individual user rather than of a client device, which would provide for use of services supported by SIP by a registered user from any end user device.